DETAILED ACTION

1. This office correspondence is in response to the applicant's after response filed on
10/09/2008.

EXAMINER'S AMENDMENT 

2. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee. 

Applicant's representative, Peter J. Hoeller (Reg. No. 61,468), and the examiner
arranged a telephone interview on January 26, 2009. The interview agenda was to
reach an agreement on allowance of claims 1-12, 14-32, 49-60, and 62, with the
examiner's amendment made to these claims as follows:

In the claims: 

All the claims have been rewritten as follows: 
1. (Currently Amended) A method for automatically negotiating a security protocol,
comprising: 

receiving a security authorization request to establish a secure connection between an 
internal node having a first protocol set and an external node having a second protocol 
set, wherein: 

(1) the internal node is within a security-enabled domain comprising a centralized 
distributed directory that maintains security information for a plurality of nodes; and 

(2) the external node is not included within the software-based, directory of nodes; 
comparing the first protocol set associated with the internal node to the second protocol
set associated with the external node; 

determining that the first node and the second node contain two or more security 
protocols in common; 

selecting a preferred protocol from the two or more security protocols based on transfer 
speeds associated with the two or more security protocols, and bit depths of one or 
more encryption keys, 

wherein the transfer speeds refer to the speeds that network data can be transferred 
using the two or more security protocols; 

the bit depths of one or more encryption keys include the number of bits constituting the 
one or more encryption keys; 

and automatically establishing a secure connection between the external node and the 
internal node based on the preferred protocol.

2. (Original) A method according to claim 1, wherein the external node
comprises at least one of a computer and a network-enabled wireless device.

3. (Original) A method according to claim 1, wherein the internal node
comprises at least one of a client computer and a server.

4. (Original) A method according to claim 1, wherein the security-enabled
domain comprises a distributed directory domain. 

5. (Original) A method according to claim 1, wherein the security-enabled 
domain comprises a certificate-based domain. 

6. (Original) A method according to claim 5, wherein the certificate-based 
domain comprises a Kerberos-enabled domain.

7. (Original) A method according to claim 6, wherein the matching protocol
comprises an X.509 certificate.

8. (Original) A method according to claim 1, wherein the security
authorization request is generated by the external node. 

9. (Previously Presented) A method according to claim 8, wherein the
selected protocol is determined based on at least one of a set of criteria, the set of
criteria comprising a transfer speed and a bit depth of keys.

10. (Original) A method according to claim 1, wherein the security authorization request
is generated by the internal node.

11. (Original) A method according to claim 10, wherein the step of receiving the security
authorization request is executed by the external node.

12. (Original) A method according to claim 1, further comprising a step of terminating
the secure connection when a session between the external node and the internal node 
is complete. 

13. (Canceled). 

14. (Original) A method according to claim 1, further comprising a step of
selecting a protocol to use in establishing the secure connection when a plurality of 
matching protocols are found. 

15. (Original) A method according to claim 1, further comprising a step of authenticating 
at least one of the internal node and the external node. 

16. (Original) A method according to claim 15, wherein the step of authenticating 
comprises communicating a certificate to a certificate authority.

17. (Currently Amended) A system for automatically negotiating a security protocol,
comprising:

an internal node, the internal node being included within a software-based, distributed 
directory of nodes, the internal node configured to store a first protocol set comprising 
one or more security protocols supported by the internal node; 
a negotiation engine, the negotiation engine configured for: 

(1) receiving a security authorization request to establish a secure connection between 
the internal node having the first protocol set and an external node which is not included 
within the software-based, directory of nodes and being external to the security-enabled 
domain, the external node configured to store a second protocol set comprising security 
protocols supported by the external node, 

(2) comparing the first protocol set associated with the internal node to the second
protocol set associated with the external node;

(3) determining that the first protocol set and the second protocol set contain two or
more security protocols in common,

(4) selecting a preferred protocol from the two or more security protocols based on at 
least one of transfer speeds associated with the two or more security protocols and bit 
depths of one or more encryption keys, wherein: 

a) the transfer speeds include the speeds that network data can be transferred using 
the two or more security protocols, and 

b) the bit depths of one or more encryption keys include the number of bits constituting 
the one or more encryption keys; and 
(6) automatically establishing a secure connection between the external node and the
internal node based on the preferred protocol. 

18. (Original) A system according to claim 17, wherein the external node comprises at 
least one of a computer and a network-enabled wireless device. 

19. (Previously Presented) A system according to claim 17, wherein the selected 
protocol is determined based on at least one member of a set of criteria, the set of 
criteria comprising a transfer speed and a bit depth of keys. 

20. (Original) A system according to claim 17, wherein the security-enabled domain 
comprises a distributed directory domain. 

21. (Original) A system according to claim 17, wherein the security-enabled domain
comprises a certificate-based domain.

22. (Original) A system according to claim 21, wherein the certificate-based domain
comprises a Kerberos-enabled domain. 

23. (Original) A system according to claim 22, wherein the matching protocol comprises 
an X.509 certificate. 

24. (Original) A system according to claim 17, wherein the security authorization request 
is generated by the external node. 

25. (Original) A system according to claim 24, wherein the security authorization request 
is received by the internal node. 

26. (Original) A system according to claim 17, wherein the security authorization request 
is generated by the internal node. 

27. (Original) A system according to claim 26, wherein the security authorization request 
is received by the external node.

28. (Original) A system according to claim 17, wherein the negotiation engine 
terminates the secure connection when a session between the external node and the 
internal node is complete. 

29. (Original) A system according to claim 17, wherein the negotiation engine 
terminates connection processing when no match between the first protocol set and the 
second protocol set is found. 

30. (Original) A system according to claim 17, wherein the negotiation engine selects a 
protocol to use in establishing the secure connection when a plurality of matching 
protocols are found. 

31. (Original) A system according to claim 17, wherein at least one of the internal node
and the external node authenticates the other.

32. (Original) A system according to claim 31, wherein the authenticating comprises
communicating a certificate to a certificate authority. 

33-48. (Cancelled) 

49. (Currently Amended) One or more tangible computer-readable storage media
medium having computer-executable instructions embodied thereon, the computer-
executable instructions being configured to execute a method for automatically 
negotiating a security protocol, the method comprising: 

receiving a security authorization request to establish a secure connection between an 
internal node within a security-enabled domain comprising a centralized distributed 
directory that maintains security information for a plurality of nodes, and an external
node is not included within the software-based, directory of nodes: wherein:

(1) the internal node stores a first protocol set identifying one or more security protocols 
supported by the internal node, and 

(2) the external node stores a second protocol set identifying security protocols 
supported by the external node; 

comparing the first protocol set associated with the internal node to the second protocol 
set associated with the external node; 

determining that the first protocol set and the second protocol set contain two or more 
security protocols in common; 

selecting a preferred protocol from the two or more security protocols based on transfer 
speeds associated with the two or more security protocols, and bit depths of one or 
more encryption keys, 

wherein the transfer speeds refer to the speeds that network data can be transferred 
using the two or more security protocols; and 

the bit depths of one or more encryption keys include the number of bits constituting the 
one or more encryption keys: 

automatically establishing a secure connection between the external node and the 
internal node based on the selected protocol. 

50. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the external node comprises at least one of a computer and a
network-enabled wireless device.

51. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the internal node comprises at least one of a client computer and a server.

52. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the security-enabled domain comprises a distributed directory domain.

53. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the security-enabled domain comprises a certificate-based domain.

54. (Currently Amended) The one or more computer-readable media medium of claim
53, wherein the certificate-based domain comprises a Kerberos-enabled domain.

55. (Currently Amended) The one or more computer-readable media medium of claim
54, wherein the matching protocol comprises an X.509 certificate.

56. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the step of generating a security authorization request is executed by the
external node.

57. (Currently Amended) The one or more computer-readable media medium of claim
56, wherein the step of receiving the security authorization request is executed by the
internal node.

58. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the step of generating a security authorization request is executed by the
internal node.

59. (Currently Amended) The one or more computer-readable media medium of claim
58, wherein the step of receiving the security authorization request is executed by the
external node.

60. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the method further comprises a step of terminating the secure connection
when a session between the external node and the internal node is complete.

61. (Canceled).

62. (Currently Amended) The one or more computer-readable media medium of claim
49, wherein the method further comprises a step of selecting a protocol to use in 
establishing the secure connection when a plurality of matching protocols are found. 



Allowable Subject Matter 

2. Claims 1-12, 14-32, 49-60, and 62 are allowed. The following is an examiner's 
statement of reasons for allowance: In interpreting the claims, in light of the 
Specification and the applicant's amendments filed on 10/09/2008, the Examiner finds 
the claimed invention to be patentably distinct from the prior art of record. 

3. Heilig et al (US patent Pub. 20020078371) is concerned with establishing the secure
connection between an internal node and an external node by comparing a plurality of
security protocols and selecting the protocol that matches between these two nodes.

4. Roddy et al (US patent 6,845,452) is concerned with the security-enabled domain
being a certificate-based domain, a Kerberos-based domain, and encryption keys.

5. However, the totality of the elements and/or steps in claims 1-12, 14-32, 49-60,
and 62 is not alluded to in the combined art of Heilig and Roddy. Their teachings,
either individually or in combination, fail to teach or suggest the method recited in
claim 1. More specifically, the combination of Heilig and Roddy does not teach or
suggest "the internal node is within a security-enabled domain comprising a centralized
distributed directory that maintains security information for a plurality of nodes; and
the external node is not included within the software-based, directory of nodes" as
recited in claim 1. Similarly, the combination of Heilig and Roddy does not teach or
suggest "selecting a preferred protocol from the two or more security protocols based
on transfer speeds associated with the two or more security protocols, and bit depths of
one or more encryption keys, wherein the transfer speeds refer to the speeds that
network data can be transferred using the two or more security protocols; the bit depths
of one or more encryption keys include the number of bits constituting the one or more
encryption keys;" as recited in claim 1. Accordingly, claims 1, 17, and 49 are allowable
over the combination of Heilig and Roddy. So, claims 1-12, 14-32, 49-60, and 62 are
allowable by virtue of their dependency upon claims 1, 17, and 49 and also due to
additional limitations recited in these claims. Therefore, for the foregoing reasons,
the examiner withdraws the rejection of claims 1-12, 14-32, 49-60, and 62 under 35 USC
§103(a) as being obvious over Heilig in view of Roddy.

7. However, the prior art of record fails to teach or suggest some of the steps of the
presently claimed invention. The examiner performed an updated search and was unable
to find any prior art disclosing all the steps mentioned in the independent claims.

8. Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion

9. Claims 1-12, 14-32, 49-60, and 62 are patentable. 

10. Claims 13, 33-48, and 61 are cancelled. 

11. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Mohammad W. Reza whose telephone number is
571-272-6590. The examiner can normally be reached on M-F (9:00-5:00).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, MOAZZAMI NASSER G can be reached on (571)272-4195. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 